secure cooperative sharing of javascript, browser, and physical resources
DESCRIPTION
Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources. Leo Meyerovich , David Zhu. Benjamin Livshits. UC Berkeley. Web Application Security. l ipstick on a pig?. Not Your Mother’s Browser. browser kernels. JIT compilers. disk. jsvm , network , . - PowerPoint PPT PresentationTRANSCRIPT
Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources
Benjamin Livshits
UC Berkeley
Leo Meyerovich, David Zhu
Web Application Security
lipstick on a pig?
JIT compilers
partitioned hardware
Not Your Mother’s Browserbrowser kernels
disk
jsvm, network, ...
Mashup Manifesto1. sharing requires control
2. sharing must be natural
3. sharing must be cheap
1. <CoFrame src=http://gadget.com/page id=gadget 2. passthroughBrowser="html css js" 3. delegatePhysical=".1 cpu"/> ...4. var toggle = true; 5. delegateBrowser(“network”, gadget, "http://gadget.com", 6. function () { if (!toggle) throw ‘exn!’; }); 7. function getData() { 8. toggle = false; 9. return "profile data"; } 10. gadget.getData = getData; 11. aroundJS(gadget, getData, “execute”, 12. function proceed (continue) { return continue(); });
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
Alice Bob
__proto__
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
Alice Bob
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
function proceed
execute
function defaultDeny
Messagesexecuteset fld val get fldaddField fld valremoveField fld
Alice Bob
set, get, …aroundJS(Bob, getData, “execute”, function proceed (continue) { return continue(); })
function defaultDeny (continue) { throw ‘err’ }
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
function proceed
execute
function defaultDeny
Messagesexecuteset fld val get fldaddField fld valremoveField fld
Alice Bob
set, …, get
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
function proceed
execute
function defaultDeny
Messagesexecuteset fld val get fldaddField fld valremoveField fld
Alice Bob
execute, set, get, addField, removeField
set, …, get
Cornelia
set, …
browser
Browser API Sharing with Non-Tampering Advice
facebook.com
gadget.com
gadget.com
delegateBrowser(“network”, gadget, "http://gadget.com", function () { if (!toggle) throw ‘exn!’; });
delegation: non-tampering advicefacebook.com
parser, DOM, CSS, ...
Physical Resource Sharing with ROS
disk
layout
render
layout
render
layout
render
… … …
Conclusion
• Abstractions for sharing browser, physical, and JavaScript resources
• Use the browser, OS/hardware, and language runtime
Mashup Manifesto1. sharing requires control
2. sharing must be natural
3. control must be cheap
Related Work
Physical Resource Sharing Resource Containers E Gazelle TessellationOS Chrome
JavaScript Sharing Caja MashupOS Object Views ConScript
Browser API Sharing OP Browser ConScript ServiceOS
backup slides.
Sharing Browser APIs: Today
Facebook.comadvice
DOM (FFI)
Sharing Browser APIs: Tomorrow
Facebook.com
DOM (FFI)
advice
browser
kernel
The Times They Are A-Changin’method-based JIT
trace-based compilationstatic compilation
GPU rendering
parser generator
parallel layout
multicore CSS selectors
parallel parsing
hardware partitioning
hypervisor, microkernel,
browser JIT (C#, X86, …)
browser kernel
solver generator
container.com
gadget.com
BROWSER
container.com
gadget.com
gadget.com
BROWSER
gadgetfork
bomb!!!
YouTubepolicy?
container.com
gadget.com
gadget.com
BROWSER
A New Hope